CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
AI Score: 7 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
github.com/grafana/grafana is vulnerable to Incorrect Authorization. The verify_email_enabled option
verifies a user's email address only at sign-up, so a user can change their email address in the /profile section
after signing up (and verifying it) without re-verification. This can be exploited to prevent the legitimate owner of the email address from signing up.
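A minimal model of the flaw and its fix, added here as an illustration and not taken from Grafana's code or the linked commits: calling `Claim` straight from a profile update is the unverified change described above, while `RequestChange` and `Confirm` defer the change until a token delivered to the new address is presented. The `Store` type, its methods and the example.test addresses are all hypothetical.

```go
package main // added illustration: hypothetical account model, not Grafana code
import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

type Store struct {
	emails  map[string]string    // login -> email treated as verified
	pending map[string][2]string // token -> {login, requested email}
}

// Claim binds email to login unless another account holds it (flawed if called unverified).
func (s *Store) Claim(login, email string) error {
	for l, e := range s.emails {
		if e == email && l != login {
			return errors.New("email already in use")
		}
	}
	s.emails[login] = email
	return nil
}

// RequestChange (hardened) changes nothing; the token must go only to the new address.
func (s *Store) RequestChange(login, email string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	s.pending[tok] = [2]string{login, email}
	return tok, nil
}

// Confirm applies a pending change once, re-checking uniqueness at that time.
func (s *Store) Confirm(tok string) error {
	p, ok := s.pending[tok]
	if !ok {
		return errors.New("unknown or used token")
	}
	delete(s.pending, tok)
	return s.Claim(p[0], p[1])
}

func main() {
	s := &Store{emails: map[string]string{}, pending: map[string][2]string{}}
	tok, _ := s.RequestChange("mallory", "victim@example.test") // constructed names
	fmt.Println(s.Claim("victim", "victim@example.test"), s.Confirm(tok))
}
```

In the hardened path the pending request reserves nothing, so the address owner's sign-up succeeds and the stale token is rejected at confirmation.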
github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f
github.com/grafana/grafana/commit/15179419c34080bef12f599f915d43a036249f07
github.com/grafana/grafana/commit/24fb9cb337e2e8e5f92aaa14bc646477f23dba35
github.com/grafana/grafana/commit/26f2f0dd834bfbb78c0fe242ce8ddee60cdcb1c5
github.com/grafana/grafana/commit/37ba9d7db1359c6dc3b6498c0c345d1a9eb3f6b7
github.com/grafana/grafana/commit/3f111809aaa74e66e8193b481b3bf8554547c66c
grafana.com/security/security-advisories/cve-2023-6152/